
6 Commits

16 changed files with 673 additions and 96 deletions

24
CVE-2024-47538.patch Normal file

@@ -0,0 +1,24 @@
From 5093691ef2ef5c7a6e03a20bce39db143b9cdc43 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Mon, 30 Sep 2024 21:35:07 +0300
Subject: [PATCH] vorbisdec: Set at most 64 channels to NONE position
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-115
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3869
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035>
---
diff -urp gst-plugins-base-1.24.7.orig/ext/vorbis/gstvorbisdec.c gst-plugins-base-1.24.7/ext/vorbis/gstvorbisdec.c
--- gst-plugins-base-1.24.7.orig/ext/vorbis/gstvorbisdec.c 2024-08-21 07:25:15.000000000 -0400
+++ gst-plugins-base-1.24.7/ext/vorbis/gstvorbisdec.c 2024-12-16 03:10:04.797186356 -0500
@@ -204,7 +204,7 @@ vorbis_handle_identification_packet (Gst
}
default:{
GstAudioChannelPosition position[64];
- gint i, max_pos = MAX (vd->vi.channels, 64);
+ gint i, max_pos = MIN (vd->vi.channels, 64);
GST_ELEMENT_WARNING (vd, STREAM, DECODE,
(NULL), ("Using NONE channel layout for more than 8 channels"));
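Review bot: The clamp in `max_pos = MIN (vd->vi.channels, 64)` repeats the size of `position[64]`, declared one line above, as a bare literal, so the two can drift apart if the array is ever resized. Deriving the bound from the array, e.g. `gint i, max_pos = MIN (vd->vi.channels, (gint) G_N_ELEMENTS (position));`, keeps the clamp tied to the buffer it protects. The same literal appears in CVE-2024-47607.patch (`MIN (dec->n_channels, 64)`) and in CVE-2024-47600.patch (`channels <= 64`), where the array declarations are outside the visible hunks. The loop that uses `max_pos`, and any later code that pairs `position` with the full channel count, are also outside this hunk, so it is worth confirming that nothing downstream still indexes past 64 entries.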

102
CVE-2024-47541.patch Normal file

@@ -0,0 +1,102 @@
From 15bb318416e1bf6b6b557006a37d1da86c3a76a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Mon, 30 Sep 2024 21:40:44 +0300
Subject: [PATCH 1/2] ssaparse: Search for closing brace after opening brace
Otherwise removing anything between the braces leads to out of bound writes if
there is a closing brace before the first opening brace.
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-228
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3870
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036>
---
diff -urp gst-plugins-base-1.24.7.orig/gst/subparse/gstssaparse.c gst-plugins-base-1.24.7/gst/subparse/gstssaparse.c
--- gst-plugins-base-1.24.7.orig/gst/subparse/gstssaparse.c 2024-08-21 07:25:15.000000000 -0400
+++ gst-plugins-base-1.24.7/gst/subparse/gstssaparse.c 2024-12-16 03:17:56.183667636 -0500
@@ -146,6 +146,35 @@ gst_ssa_parse_sink_event (GstPad * pad,
return res;
}
+#ifndef HAVE_MEMMEM
+// memmem() is a GNU extension so if it's not available we'll need
+// our own implementation here. Thanks C.
+static void *
+my_memmem (const void *haystack, size_t haystacklen, const void *needle,
+ size_t needlelen)
+{
+ const guint8 *cur, *end;
+
+ if (needlelen > haystacklen)
+ return NULL;
+ if (needlelen == 0)
+ return (void *) haystack;
+
+
+ cur = haystack;
+ end = cur + haystacklen - needlelen;
+
+ for (; cur <= end; cur++) {
+ if (memcmp (cur, needle, needlelen) == 0)
+ return (void *) cur;
+ }
+
+ return NULL;
+}
+#else
+#define my_memmem memmem
+#endif
+
static gboolean
gst_ssa_parse_setcaps (GstPad * sinkpad, GstCaps * caps)
{
@@ -154,6 +183,7 @@ gst_ssa_parse_setcaps (GstPad * sinkpad,
const GValue *val;
GstStructure *s;
const guchar bom_utf8[] = { 0xEF, 0xBB, 0xBF };
+ const guint8 header[] = "[Script Info]";
const gchar *end;
GstBuffer *priv;
GstMapInfo map;
@@ -193,7 +223,7 @@ gst_ssa_parse_setcaps (GstPad * sinkpad,
left -= 3;
}
- if (!strstr (ptr, "[Script Info]"))
+ if (!my_memmem (ptr, left, header, sizeof (header) - 1))
goto invalid_init;
if (!g_utf8_validate (ptr, left, &end)) {
@@ -231,6 +261,10 @@ invalid_init:
}
}
+#ifdef my_memmem
+#undef my_memmem
+#endif
+
static gboolean
gst_ssa_parse_remove_override_codes (GstSsaParse * parse, gchar * txt)
{
@@ -238,7 +272,7 @@ gst_ssa_parse_remove_override_codes (Gst
gboolean removed_any = FALSE;
while ((t = strchr (txt, '{'))) {
- end = strchr (txt, '}');
+ end = strchr (t, '}');
if (end == NULL) {
GST_WARNING_OBJECT (parse, "Missing { for style override code");
return removed_any;
diff -urp gst-plugins-base-1.24.7.orig/meson.build gst-plugins-base-1.24.7/meson.build
--- gst-plugins-base-1.24.7.orig/meson.build 2024-08-21 07:25:15.000000000 -0400
+++ gst-plugins-base-1.24.7/meson.build 2024-12-16 03:17:56.183667636 -0500
@@ -197,6 +197,7 @@ check_functions = [
['HAVE_LRINTF', 'lrintf', '#include<math.h>'],
['HAVE_MMAP', 'mmap', '#include<sys/mman.h>'],
['HAVE_LOG2', 'log2', '#include<math.h>'],
+ ['HAVE_MEMMEM', 'memmem', '#include<string.h>'],
]
libm = cc.find_library('m', required : false)
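Review bot: In `gst_ssa_parse_remove_override_codes` the warning emitted when `strchr (t, '}')` returns NULL still reads "Missing { for style override code", although the brace missing on that path is the closing one. `"Missing } for style override code"` would match the condition and make reports about malformed subtitle files easier to triage. Separately, when `HAVE_MEMMEM` is set `my_memmem` expands to plain `memmem`, which the patch's own comment calls a GNU extension, so its prototype may only be exposed under a feature-test macro such as `_GNU_SOURCE`. The includes and defines of gstssaparse.c are not in the hunks, so it is worth confirming that a declaration is in scope. The body of the override-code loop continues past the end of the last gstssaparse.c hunk.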

53
CVE-2024-47542.patch Normal file

@@ -0,0 +1,53 @@
From 537161868f36048571f400648ac7909f26c73d53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Thu, 26 Sep 2024 13:43:06 +0300
Subject: [PATCH] id3v2: Don't try parsing extended header if not enough data
is available
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-235
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3842
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033>
---
diff -urp gst-plugins-base-1.24.7.orig/gst-libs/gst/tag/id3v2.c gst-plugins-base-1.24.7/gst-libs/gst/tag/id3v2.c
--- gst-plugins-base-1.24.7.orig/gst-libs/gst/tag/id3v2.c 2024-08-21 07:25:15.000000000 -0400
+++ gst-plugins-base-1.24.7/gst-libs/gst/tag/id3v2.c 2024-12-16 04:22:19.232866397 -0500
@@ -29,7 +29,7 @@
#define HANDLE_INVALID_SYNCSAFE
-static gboolean id3v2_frames_to_tag_list (ID3TagsWorking * work, guint size);
+static gboolean id3v2_frames_to_tag_list (ID3TagsWorking * work);
#ifndef GST_DISABLE_GST_DEBUG
@@ -258,7 +258,7 @@ gst_tag_list_from_id3v2_tag (GstBuffer *
GST_MEMDUMP ("ID3v2 tag (un-unsyced)", uu_data, work.hdr.frame_data_size);
}
- id3v2_frames_to_tag_list (&work, work.hdr.frame_data_size);
+ id3v2_frames_to_tag_list (&work);
g_free (uu_data);
@@ -440,12 +440,17 @@ id3v2_add_id3v2_frame_blob_to_taglist (I
}
static gboolean
-id3v2_frames_to_tag_list (ID3TagsWorking * work, guint size)
+id3v2_frames_to_tag_list (ID3TagsWorking * work)
{
guint frame_hdr_size;
/* Extended header if present */
if (work->hdr.flags & ID3V2_HDR_FLAG_EXTHDR) {
+ if (work->hdr.frame_data_size < 4) {
+ GST_DEBUG ("Tag has no extended header data. Broken tag");
+ return FALSE;
+ }
+
work->hdr.ext_hdr_size = id3v2_read_synch_uint (work->hdr.frame_data, 4);
/* In id3v2.4.x the header size is the size of the *whole*
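Review bot: The `FALSE` returned by the new `work->hdr.frame_data_size < 4` guard in `id3v2_frames_to_tag_list` is discarded at the one visible call site, `id3v2_frames_to_tag_list (&work);` in `gst_tag_list_from_id3v2_tag`. As far as these hunks show, a tag rejected as broken is therefore handled the same way as one that parsed. If that is intended, a comment at the call such as `/* best effort: keep whatever tags were extracted even if frame parsing failed */` would say so; otherwise the result should be checked before the tag list is handed back. The literal 4 is also written twice, in the guard and in `id3v2_read_synch_uint (work->hdr.frame_data, 4)`, and a named constant for the size field would keep the two in step. Both functions continue outside the hunks.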

27
CVE-2024-47600.patch Normal file

@@ -0,0 +1,27 @@
From aa07d94c10d71fac389dbbb264a59c1f6117eead Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Mon, 30 Sep 2024 18:19:30 +0300
Subject: [PATCH] discoverer: Don't print channel layout for more than 64
channels
64+ channels are always unpositioned / unknown layout.
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-248
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3864
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034>
---
diff -urp gst-plugins-base-1.24.7.orig/tools/gst-discoverer.c gst-plugins-base-1.24.7/tools/gst-discoverer.c
--- gst-plugins-base-1.24.7.orig/tools/gst-discoverer.c 2024-08-21 07:25:15.000000000 -0400
+++ gst-plugins-base-1.24.7/tools/gst-discoverer.c 2024-12-16 03:13:55.952129075 -0500
@@ -222,7 +222,7 @@ format_channel_mask (GstDiscovererAudioI
channel_mask = gst_discoverer_audio_info_get_channel_mask (ainfo);
- if (channel_mask != 0) {
+ if (channel_mask != 0 && channels <= 64) {
gst_audio_channel_positions_from_mask (channels, channel_mask, position);
for (i = 0; i < channels; i++) {

33
CVE-2024-47607.patch Normal file

@@ -0,0 +1,33 @@
From 2838374d6ee4a0c9c4c4221ac46d5c1688f26e59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Tue, 1 Oct 2024 13:22:50 +0300
Subject: [PATCH] opusdec: Set at most 64 channels to NONE position
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-116
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3871
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037>
---
subprojects/gst-plugins-base/ext/opus/gstopusdec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff -urp gst-plugins-base-1.24.0.orig/ext/opus/gstopusdec.c gst-plugins-base-1.24.0/ext/opus/gstopusdec.c
--- gst-plugins-base-1.24.0.orig/ext/opus/gstopusdec.c 2024-03-04 17:51:42.000000000 -0600
+++ gst-plugins-base-1.24.0/ext/opus/gstopusdec.c 2025-01-07 11:32:23.385069871 -0600
@@ -440,12 +440,12 @@ gst_opus_dec_parse_header (GstOpusDec *
posn = gst_opus_channel_positions[dec->n_channels - 1];
break;
default:{
- gint i;
+ guint i, max_pos = MIN (dec->n_channels, 64);
GST_ELEMENT_WARNING (GST_ELEMENT (dec), STREAM, DECODE,
(NULL), ("Using NONE channel layout for more than 8 channels"));
- for (i = 0; i < dec->n_channels; i++)
+ for (i = 0; i < max_pos; i++)
pos[i] = GST_AUDIO_CHANNEL_POSITION_NONE;
posn = pos;

217
CVE-2024-47615.patch Normal file

@@ -0,0 +1,217 @@
From 006047a23a4e4c146e40e5dab765bc6318a94744 Mon Sep 17 00:00:00 2001
From: Mathieu Duponchelle <mathieu@centricular.com>
Date: Wed, 2 Oct 2024 15:16:30 +0200
Subject: [PATCH 1/2] vorbis_parse: check writes to
GstOggStream.vorbis_mode_sizes
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-117 Fixes gstreamer#3875
Also perform out-of-bounds check for accesses to op->packet
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038>
---
diff -urp gst-plugins-base-1.24.7.orig/ext/ogg/gstoggstream.c gst-plugins-base-1.24.7/ext/ogg/gstoggstream.c
--- gst-plugins-base-1.24.7.orig/ext/ogg/gstoggstream.c 2024-08-21 07:25:15.000000000 -0400
+++ gst-plugins-base-1.24.7/ext/ogg/gstoggstream.c 2024-12-16 03:16:09.786276098 -0500
@@ -665,11 +665,6 @@ setup_vp8_mapper (GstOggStream * pad, og
{
gint width, height, par_n, par_d, fps_n, fps_d;
- if (packet->bytes < 26) {
- GST_DEBUG ("Failed to parse VP8 BOS page");
- return FALSE;
- }
-
width = GST_READ_UINT16_BE (packet->packet + 8);
height = GST_READ_UINT16_BE (packet->packet + 10);
par_n = GST_READ_UINT24_BE (packet->packet + 12);
@@ -1221,11 +1216,6 @@ setup_fishead_mapper (GstOggStream * pad
gint64 prestime_n, prestime_d;
gint64 basetime_n, basetime_d;
- if (packet->bytes < 44) {
- GST_DEBUG ("Not enough data for fishead header");
- return FALSE;
- }
-
data = packet->packet;
data += 8; /* header */
@@ -1256,8 +1246,8 @@ setup_fishead_mapper (GstOggStream * pad
pad->prestime = -1;
/* Ogg Skeleton 3.3+ streams provide additional information in the header */
- if (packet->bytes >= SKELETON_FISHEAD_3_3_MIN_SIZE && pad->skeleton_major == 3
- && pad->skeleton_minor > 0) {
+ if (packet->bytes - 44 >= SKELETON_FISHEAD_3_3_MIN_SIZE
+ && pad->skeleton_major == 3 && pad->skeleton_minor > 0) {
gint64 firstsampletime_n, firstsampletime_d;
gint64 lastsampletime_n, lastsampletime_d;
gint64 firstsampletime, lastsampletime;
@@ -1296,7 +1286,7 @@ setup_fishead_mapper (GstOggStream * pad
GST_INFO ("skeleton fishead parsed total: %" GST_TIME_FORMAT,
GST_TIME_ARGS (pad->total_time));
- } else if (packet->bytes >= SKELETON_FISHEAD_4_0_MIN_SIZE
+ } else if (packet->bytes - 44 >= SKELETON_FISHEAD_4_0_MIN_SIZE
&& pad->skeleton_major == 4) {
guint64 segment_length, content_offset;
@@ -1980,9 +1970,6 @@ setup_kate_mapper (GstOggStream * pad, o
guint8 *data = packet->packet;
const char *category;
- if (packet->bytes < 64)
- return FALSE;
-
pad->granulerate_n = GST_READ_UINT32_LE (data + 24);
pad->granulerate_d = GST_READ_UINT32_LE (data + 28);
pad->granuleshift = GST_READ_UINT8 (data + 15);
@@ -2111,9 +2098,6 @@ setup_opus_mapper (GstOggStream * pad, o
{
GstBuffer *buffer;
- if (packet->bytes < 19)
- return FALSE;
-
pad->granulerate_n = 48000;
pad->granulerate_d = 1;
pad->granuleshift = 0;
@@ -2394,7 +2378,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "\001vorbis", 7, 22,
+ "\001vorbis", 7, 29,
"audio/x-vorbis",
setup_vorbis_mapper,
NULL,
@@ -2426,7 +2410,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "PCM ", 8, 0,
+ "PCM ", 8, 28,
"audio/x-raw",
setup_pcm_mapper,
NULL,
@@ -2442,7 +2426,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "CMML\0\0\0\0", 8, 0,
+ "CMML\0\0\0\0", 8, 29,
"text/x-cmml",
setup_cmml_mapper,
NULL,
@@ -2458,7 +2442,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "Annodex", 7, 0,
+ "Annodex", 7, 44,
"application/x-annodex",
setup_fishead_mapper,
NULL,
@@ -2537,7 +2521,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "CELT ", 8, 0,
+ "CELT ", 8, 60,
"audio/x-celt",
setup_celt_mapper,
NULL,
@@ -2553,7 +2537,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "\200kate\0\0\0", 8, 0,
+ "\200kate\0\0\0", 8, 64,
"text/x-kate",
setup_kate_mapper,
NULL,
@@ -2585,7 +2569,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "OVP80\1\1", 7, 4,
+ "OVP80\1\1", 7, 26,
"video/x-vp8",
setup_vp8_mapper,
setup_vp8_mapper_from_caps,
@@ -2601,7 +2585,7 @@ const GstOggMap mappers[] = {
update_stats_vp8
},
{
- "OpusHead", 8, 0,
+ "OpusHead", 8, 19,
"audio/x-opus",
setup_opus_mapper,
NULL,
@@ -2649,7 +2633,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "\001text\0\0\0", 9, 9,
+ "\001text\0\0\0", 9, 25,
"application/x-ogm-text",
setup_ogmtext_mapper,
NULL,
diff -urp gst-plugins-base-1.24.7.orig/ext/ogg/vorbis_parse.c gst-plugins-base-1.24.7/ext/ogg/vorbis_parse.c
--- gst-plugins-base-1.24.7.orig/ext/ogg/vorbis_parse.c 2024-08-21 07:25:15.000000000 -0400
+++ gst-plugins-base-1.24.7/ext/ogg/vorbis_parse.c 2024-12-16 03:16:09.782942747 -0500
@@ -165,6 +165,10 @@ gst_parse_vorbis_setup_packet (GstOggStr
if (offset == 0) {
offset = 8;
current_pos -= 1;
+
+ /* have we underrun? */
+ if (current_pos < op->packet)
+ return -1;
}
}
@@ -178,6 +182,10 @@ gst_parse_vorbis_setup_packet (GstOggStr
if (offset == 7)
current_pos -= 1;
+ /* have we underrun? */
+ if (current_pos < op->packet + 5)
+ return -1;
+
if (((current_pos[-5] & ~((1 << (offset + 1)) - 1)) != 0)
||
current_pos[-4] != 0
@@ -199,9 +207,18 @@ gst_parse_vorbis_setup_packet (GstOggStr
/* Give ourselves a chance to recover if we went back too far by using
* the size check. */
for (ii = 0; ii < 2; ii++) {
+
if (offset > 4) {
+ /* have we underrun? */
+ if (current_pos < op->packet)
+ return -1;
+
size_check = (current_pos[0] >> (offset - 5)) & 0x3F;
} else {
+ /* have we underrun? */
+ if (current_pos < op->packet + 1)
+ return -1;
+
/* mask part of byte from current_pos */
size_check = (current_pos[0] & ((1 << (offset + 1)) - 1));
/* shift to appropriate position */
@@ -233,6 +250,10 @@ gst_parse_vorbis_setup_packet (GstOggStr
mode_size_ptr = pad->vorbis_mode_sizes;
+ if (size > G_N_ELEMENTS (pad->vorbis_mode_sizes)) {
+ return -1;
+ }
+
for (i = 0; i < size; i++) {
offset = (offset + 1) % 8;
if (offset == 0)
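Review bot: With the in-function length checks removed from `setup_vp8_mapper`, `setup_fishead_mapper`, `setup_kate_mapper` and `setup_opus_mapper`, their fixed-offset reads and the new `packet->bytes - 44` subtraction are safe only if the caller rejects packets shorter than the minimum now stored in the third column of `mappers[]`. That caller is not part of this diff. Each of these functions should state the precondition where the check used to be, e.g. `/* caller has verified packet->bytes against the minimum size in mappers[] (44 here) */`, so a future direct call or a new table row does not silently reintroduce the out-of-bounds read. Any `mappers[]` row that routes to one of these setup functions but is not touched by this patch needs the same minimum, and those rows are not visible in the hunks. If `packet->bytes` could ever be below 44 on the fishead path, the subtraction goes negative and the result depends on the type of `SKELETON_FISHEAD_3_3_MIN_SIZE`, which is also defined outside the hunk.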

28
CVE-2024-47835.patch Normal file

@@ -0,0 +1,28 @@
From 4c40f73b7002967e824ef34a5435282f4a0ea363 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Wed, 9 Oct 2024 11:23:47 -0400
Subject: [PATCH] subparse: Check for NULL return of strchr() when parsing LRC
subtitles
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-263
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3892
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039>
---
diff -urp gst-plugins-base-1.24.7.orig/gst/subparse/gstsubparse.c gst-plugins-base-1.24.7/gst/subparse/gstsubparse.c
--- gst-plugins-base-1.24.7.orig/gst/subparse/gstsubparse.c 2024-08-21 07:25:15.000000000 -0400
+++ gst-plugins-base-1.24.7/gst/subparse/gstsubparse.c 2024-12-16 03:11:46.924564800 -0500
@@ -1066,6 +1066,11 @@ parse_lrc (ParserState * state, const gc
return NULL;
start = strchr (line, ']');
+ // sscanf() does not check for the trailing ] but only up to the last
+ // placeholder, so there might be no ] at the end.
+ if (!start)
+ return NULL;
+
if (start - line == 9)
milli = 10;
else


@@ -1,10 +1,10 @@
https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/merge_requests/221
Index: gst-plugins-base-1.22.0/gst-libs/gst/video/video-anc.c
Index: gst-plugins-base-1.24.5/gst-libs/gst/video/video-anc.c
===================================================================
--- gst-plugins-base-1.22.0.orig/gst-libs/gst/video/video-anc.c
+++ gst-plugins-base-1.22.0/gst-libs/gst/video/video-anc.c
@@ -1017,6 +1017,8 @@ gst_buffer_add_video_caption_meta (GstBu
--- gst-plugins-base-1.24.5.orig/gst-libs/gst/video/video-anc.c
+++ gst-plugins-base-1.24.5/gst-libs/gst/video/video-anc.c
@@ -1022,6 +1022,8 @@ gst_buffer_add_video_caption_meta (GstBu
switch (caption_type) {
case GST_VIDEO_CAPTION_TYPE_CEA608_RAW:
case GST_VIDEO_CAPTION_TYPE_CEA608_S334_1A:
@@ -13,7 +13,7 @@ Index: gst-plugins-base-1.22.0/gst-libs/gst/video/video-anc.c
case GST_VIDEO_CAPTION_TYPE_CEA708_RAW:
case GST_VIDEO_CAPTION_TYPE_CEA708_CDP:
break;
@@ -1066,6 +1068,10 @@ gst_video_caption_type_from_caps (const
@@ -1071,6 +1073,10 @@ gst_video_caption_type_from_caps (const
return GST_VIDEO_CAPTION_TYPE_CEA608_RAW;
} else if (g_strcmp0 (format, "s334-1a") == 0) {
return GST_VIDEO_CAPTION_TYPE_CEA608_S334_1A;
@@ -24,7 +24,7 @@ Index: gst-plugins-base-1.22.0/gst-libs/gst/video/video-anc.c
}
} else if (gst_structure_has_name (s, "closedcaption/x-cea-708")) {
if (g_strcmp0 (format, "cc_data") == 0) {
@@ -1103,6 +1109,14 @@ gst_video_caption_type_to_caps (GstVideo
@@ -1108,6 +1114,14 @@ gst_video_caption_type_to_caps (GstVideo
caption_caps = gst_caps_new_simple ("closedcaption/x-cea-608",
"format", G_TYPE_STRING, "s334-1a", NULL);
break;
@@ -39,11 +39,11 @@ Index: gst-plugins-base-1.22.0/gst-libs/gst/video/video-anc.c
case GST_VIDEO_CAPTION_TYPE_CEA708_RAW:
caption_caps = gst_caps_new_simple ("closedcaption/x-cea-708",
"format", G_TYPE_STRING, "cc_data", NULL);
Index: gst-plugins-base-1.22.0/gst-libs/gst/video/video-anc.h
Index: gst-plugins-base-1.24.5/gst-libs/gst/video/video-anc.h
===================================================================
--- gst-plugins-base-1.22.0.orig/gst-libs/gst/video/video-anc.h
+++ gst-plugins-base-1.22.0/gst-libs/gst/video/video-anc.h
@@ -345,7 +345,53 @@ GstVideoBarMeta *gst_buffer_add_video_ba
--- gst-plugins-base-1.24.5.orig/gst-libs/gst/video/video-anc.h
+++ gst-plugins-base-1.24.5/gst-libs/gst/video/video-anc.h
@@ -490,7 +490,53 @@ GstVideoBarMeta *gst_buffer_add_video_ba
* offset relative to the base-line of the original image format (line 9
* for 525-line field 1, line 272 for 525-line field 2, line 5 for
* 625-line field 1 and line 318 for 625-line field 2).
@@ -98,7 +98,7 @@ Index: gst-plugins-base-1.22.0/gst-libs/gst/video/video-anc.h
* can also contain 608-in-708 and the first byte of each triplet has to
* be inspected for detecting the type.
* @GST_VIDEO_CAPTION_TYPE_CEA708_CDP: CEA-708 (and optionally CEA-608) in
@@ -361,7 +407,9 @@ typedef enum {
@@ -506,7 +552,9 @@ typedef enum {
GST_VIDEO_CAPTION_TYPE_CEA608_RAW = 1,
GST_VIDEO_CAPTION_TYPE_CEA608_S334_1A = 2,
GST_VIDEO_CAPTION_TYPE_CEA708_RAW = 3,


@@ -1,8 +1,8 @@
Index: gst-plugins-base-1.22.0/tests/check/meson.build
Index: gst-plugins-base-1.24.5/tests/check/meson.build
===================================================================
--- gst-plugins-base-1.22.0.orig/tests/check/meson.build
+++ gst-plugins-base-1.22.0/tests/check/meson.build
@@ -135,7 +135,7 @@ if build_gstgl
--- gst-plugins-base-1.24.5.orig/tests/check/meson.build
+++ gst-plugins-base-1.24.5/tests/check/meson.build
@@ -138,7 +138,7 @@ if build_gstgl
test_defines += ['-DTEST_GST_GL_ABI_CHECK']
endif

BIN
gst-plugins-base-1.24.0.tar.xz (Stored with Git LFS)

Binary file not shown.

BIN
gst-plugins-base-1.24.7.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.


@@ -1,20 +0,0 @@
diff --git a/gst-libs/gst/audio/gstaudiobasesink.c b/gst-libs/gst/audio/gstaudiobasesink.c
index 1f843ac..891941d 100644
--- a/gst-libs/gst/audio/gstaudiobasesink.c
+++ b/gst-libs/gst/audio/gstaudiobasesink.c
@@ -1124,15 +1124,6 @@ gst_audio_base_sink_wait_event (GstBaseSink * bsink, GstEvent * event)
/* Make sure the ringbuffer will start again if interrupted during event_wait() */
g_atomic_int_set (&sink->eos_rendering, 1);
clear_force_start_flag = TRUE;
-
- /* For gap events, don't actually wait for the clock to
- * reach that time, or it will drain the ringbuffer, just
- * ensure we're prerolled and let the next actual buffer
- * get rendered where it belongs */
- if (GST_EVENT_TYPE (event) == GST_EVENT_GAP) {
- ret = gst_base_sink_do_preroll (bsink, GST_MINI_OBJECT_CAST (event));
- goto done;
- }
break;
default:
break;


@@ -0,0 +1,67 @@
From 378e78f285a3f14c0c53473948090464fa48147b Mon Sep 17 00:00:00 2001
From: Edward Hervey <edward@centricular.com>
Date: Wed, 21 Aug 2024 16:29:03 +0200
Subject: [PATCH] decodebin3: Fix collection identity check
Collections can be auto-generated from upstream and yet have exactly the same
streams in it.
Therefore do a more in-depth check for equality.
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3742
---
.../gst/playback/gstdecodebin3.c | 26 ++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/gst/playback/gstdecodebin3.c b/gst/playback/gstdecodebin3.c
index 56ef496468ac..78b79c776ba6 100644
--- a/gst/playback/gstdecodebin3.c
+++ b/gst/playback/gstdecodebin3.c
@@ -2609,6 +2609,29 @@ db_collection_new (GstStreamCollection * collection)
return db_collection;
}
+static gboolean
+collections_are_identical (GstStreamCollection * collection,
+ GstStreamCollection * previous)
+{
+ guint i;
+
+ if (collection == previous)
+ return TRUE;
+
+ if (gst_stream_collection_get_size (collection) !=
+ gst_stream_collection_get_size (previous))
+ return FALSE;
+
+ for (i = 0; i < gst_stream_collection_get_size (previous); i++) {
+ GstStream *stream = gst_stream_collection_get_stream (previous, i);
+ const gchar *sid = gst_stream_get_stream_id (stream);
+ if (!stream_in_collection (collection, (gchar *) sid))
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
/** handle_stream_collection_locked:
* @dbin:
* @collection: (transfer none): The new collection for @input. Can be %NULL.
@@ -2683,12 +2706,13 @@ handle_stream_collection_locked (GstDecodebin3 * dbin,
if (dbin->input_collection) {
GstStreamCollection *previous = dbin->input_collection->collection;
- if (collection == previous) {
+ if (collections_are_identical (collection, previous)) {
GST_DEBUG_OBJECT (dbin, "Collection didn't change");
gst_object_unref (collection);
SELECTION_UNLOCK (dbin);
return NULL;
}
+
/* Check if this collection is an update of the previous one */
if (gst_stream_collection_get_size (collection) >
gst_stream_collection_get_size (previous)) {
--
GitLab
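Review bot: `collections_are_identical` treats two collections as the same when their sizes match and every stream ID of `previous` is found in `collection`, and nothing documents that this is the intended notion of identity. A new collection that reuses the IDs but differs in order or in per-stream properties is therefore logged as "Collection didn't change" and unreffed. A short header such as `/* Identical means: same set of stream IDs, order ignored; caps, tags and flags are not compared */` would make the contract explicit for later callers. The doc comment of `handle_stream_collection_locked` says `@collection` can be %NULL, and the helper passes it straight to `gst_stream_collection_get_size`, unlike the pointer comparison it replaces; whether NULL is filtered out before this point is outside the hunk. The cast in `stream_in_collection (collection, (gchar *) sid)` also drops `const` from the stream ID, which is safe only if that function never writes through it.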


@@ -1,53 +0,0 @@
commit e68eccff103ab0e91e6d77a892f57131b33902f5
Author: Sebastian Dröge <sebastian@centricular.com>
Date: Thu Apr 25 15:21:20 2024 +0300
exiftag: Prevent integer overflows and out of bounds reads when handling undefined tags
Fixes ZDI-CAN-23896
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3483
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/6766>
diff -Nura gst-plugins-base-1.24.0/gst-libs/gst/tag/gstexiftag.c gst-plugins-base-1.24.0_new/gst-libs/gst/tag/gstexiftag.c
--- gst-plugins-base-1.24.0/gst-libs/gst/tag/gstexiftag.c 2024-03-05 07:51:42.000000000 +0800
+++ gst-plugins-base-1.24.0_new/gst-libs/gst/tag/gstexiftag.c 2024-05-27 19:25:58.227183616 +0800
@@ -1383,6 +1383,7 @@
if (count > 4) {
GstMapInfo info;
+ gsize alloc_size;
if (offset < reader->base_offset) {
GST_WARNING ("Offset is smaller (%u) than base offset (%u)", offset,
@@ -1404,14 +1405,28 @@
return;
}
+ if (info.size - real_offset < count) {
+ GST_WARNING ("Invalid size %u for buffer of size %" G_GSIZE_FORMAT
+ ", not adding tag %s", count, info.size, tag->gst_tag);
+ gst_buffer_unmap (reader->buffer, &info);
+ return;
+ }
+
+ if (!g_size_checked_add (&alloc_size, count, 1)) {
+ GST_WARNING ("Invalid size %u for buffer of size %" G_GSIZE_FORMAT
+ ", not adding tag %s", real_offset, info.size, tag->gst_tag);
+ gst_buffer_unmap (reader->buffer, &info);
+ return;
+ }
+
/* +1 because it could be a string without the \0 */
- data = malloc (sizeof (guint8) * count + 1);
+ data = malloc (alloc_size);
memcpy (data, info.data + real_offset, count);
data[count] = 0;
gst_buffer_unmap (reader->buffer, &info);
} else {
- data = malloc (sizeof (guint8) * count + 1);
+ data = malloc (count + 1);
memcpy (data, (guint8 *) offset_as_data, count);
data[count] = 0;
}


@@ -1,3 +1,97 @@
-------------------------------------------------------------------
Tue Jan 7 17:56:01 UTC 2025 - Michael Gorse <mgorse@suse.com>
- Add various CVE fixes:
+ CVE-2024-47538.patch (boo#1234415 CVE-2024-47538)
+ CVE-2024-47835.patch (boo#1234450 CVe-2024-47835)
+ CVE-2024-47600.patch (boo#1234453 CVE-2024-47600)
+ CVE-2024-47615.patch (boo#1234456 CVE-2024-47615)
+ CVE-2024-47541.patch (boo#1234459 CVE-2024-47541)
+ CVE-2024-47542.patch (boo#1234460 CVE-2024-47542)
+ CVE-2024-47607.patch (boo#1234455 CVE-2024-47607)
-------------------------------------------------------------------
Fri Aug 23 07:15:20 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.24.7:
+ pbutils: descriptions: use subsampling factor to get YUV
subsampling
+ rtspconnection: Handle invalid argument properly
+ urisourcebin:
- Actually drop EOS on old-school pad switch
- Don't hold lock when emitting about-to-finish
+ gst-launch deadlock with two playbin3s
+ xvimagesink: Fix crash in pool on error
-------------------------------------------------------------------
Wed Aug 21 15:43:45 UTC 2024 - Jonas Kvinge <jonaski@opensuse.org>
- Add gst-plugins-base-decodebin3-collection-identity-check.patch:
- Fixes a assertion causing crash on track change. Upstream bug:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3742
-------------------------------------------------------------------
Wed Jul 31 13:41:59 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 1.24.6:
+ Highlighted bugfixes:
- Fix compatibility with FFmpeg 7.0.
- qmlglsink: Fix failure to display content on recent Android
devices.
- adaptivedemux: Fix handling of closed caption streams.
- cuda: Fix runtime compiler loading with old CUDA tookit.
- decodebin3 stream selection handling fixes.
- d3d11compositor, d3d12compositor: Fix transparent background
mode with YUV output.
- d3d12converter: Make gamma remap work as intended.
- h264decoder: Update output frame duration for interlaced
video when second field frame is discarded.
- macOS audio device provider now listens to audio devices
being added/removed at runtime.
- Rust plugins: audioloudnorm, s3hlssink, gtk4paintablesink,
livesync and webrtcsink fixes.
- videoaggregator: preserve features in non-alpha caps for
subclasses with non-system memory sink caps.
- vtenc: Fix redistribute latency spam.
- v4l2: fixes for complex video formats.
- va: Fix strides when importing DMABUFs, dmabuf handle leaks,
and blocklist unmaintained Intel i965 driver for encoding.
- waylandsink: Fix surface cropping for rotated streams.
- webrtcdsp: Enable multi_channel processing to fix handling of
stereo streams.
- Various bug fixes, memory leak fixes, and other stability and
reliability improvements.
-------------------------------------------------------------------
Thu Jun 27 18:20:13 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.24.5:
+ Highlighted bugfixes:
- webrtcsink: Support for AV1 via nvav1enc, av1enc or rav1enc
encoders
- AV1 RTP payloader/depayloader fixes to work correctly with
Chrome and Pion WebRTC
- av1parse, av1dec error handling/robustness improvements
- av1enc: Handle force-keyunit events properly for WebRTC
- decodebin3: selection and collection handling improvements
- hlsdemux2: Various fixes for discontinuities, variant
switching, playlist updates
- qml6glsink: fix RGB format support
- rtspsrc: more control URL handling fixes
- v4l2src: Interpret V4L2 report of sync loss as video signal
loss
- d3d12 encoder, memory and videosink fixes
- vtdec: more robust error handling, fix regression
- ndi: support for NDI SDK v6
- Various bug fixes, memory leak fixes, and other stability and
reliability improvements
- Please see https://gstreamer.freedesktop.org/releases/1.24/ for
changes between 1.24.0 and this version and even more in-depth
info.
- Refresh patches with quilt.
- Drop gst-plugins-base-audiobasesink-gap.patch and
gstreamer-plugins-base-CVE-2024-4453.patch: Fixed upstream.
-------------------------------------------------------------------
Wed May 22 12:45:03 UTC 2024 - Cliff Zhao <qzhao@suse.com>


@@ -20,7 +20,7 @@
%define gst_branch 1.0
%define gstreamer_req_version %(echo %{version} | sed -e "s/+.*//")
Name: gstreamer-plugins-base
Version: 1.24.0
Version: 1.24.7
Release: 0
Summary: GStreamer Streaming-Media Framework Plug-Ins
License: GPL-2.0-or-later AND LGPL-2.1-or-later
@@ -31,10 +31,15 @@ Source1: gstreamer-plugins-base.appdata.xml
Source2: baselibs.conf
Patch1: add_wayland_dep_to_tests.patch
Patch2: MR-221-video-anc-add-two-new-CEA-608-caption-formats.patch
# https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3303
Patch3: gst-plugins-base-audiobasesink-gap.patch
# PATCH-FIX-UPSTREAM gstreamer-plugins-base-CVE-2024-4453.patch CVE-2024-4453 ZDI-24-467 ZDI-CAN-23896 bsc#1224806 qzhao@suse.com -- Prevent integer overflows and out of bounds reads when handling undefined tags.
Patch4: gstreamer-plugins-base-CVE-2024-4453.patch
Patch3: gst-plugins-base-decodebin3-collection-identity-check.patch
Patch4: CVE-2024-47538.patch
Patch5: CVE-2024-47835.patch
Patch6: CVE-2024-47600.patch
Patch7: CVE-2024-47615.patch
Patch8: CVE-2024-47541.patch
Patch9: CVE-2024-47542.patch
Patch10: CVE-2024-47607.patch
BuildRequires: Mesa-libGLESv3-devel
BuildRequires: cdparanoia-devel
BuildRequires: gcc-c++